Different kinds of NFC security measures

Have you ever wondered why tools like the Flipper Zero are so limited in scanning NFC chips? Or whether key fobs are only limited antennas that can broadcast a specific UID? Today, we will learn about MIFARE, a series of smart cards and scanners that is very similar to the technologies used in other card readers and scanners. It's designed by NXP Semiconductors, and it employs very common security measures to allow card scanners to validate people.

The basics

Most key fobs you buy online are very easy to clone with a Flipper, or any device that can read NFC signals. These fobs use a 125 kHz RFID signal, and they simply house a small integrated circuit (IC) chip. When the fob is presented to the RFID reader, the reader sends out an electromagnetic signal, which the fob uses to power the IC, and the IC immediately reflects a stored UID back to the reader. What's interesting about this scenario is that the UID is typically non-programmable, and there is only a very small chance that a factory producing these chips will reuse a UID. Generally, manufacturers guarantee unique UIDs within a bulk order of fobs; however, two bulk orders of key fobs could use the same UIDs. This is obviously a security risk, but that's the price of very cheap key fobs. A Flipper, or any NFC reader, can easily read these UID signals and replay them.

Advanced Security

Modern high-frequency NFC fobs, which use ICs like the MIFARE DESFire EV2/3, contain a small microcontroller instead. This microcontroller will request a cryptographic challenge from the NFC reader. Using clever cryptographic techniques, the NFC reader gives a random number which, when combined with the secret key on board the NFC tag, generates a response. By checking that the NFC tag generates the correct response, the reader can validate the tag without the tag ever openly sharing its secret key, only its response, making it significantly more secure.
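The exchange described above, as an added example that is not code from the original post. It uses HMAC-SHA256 as a stand-in for the tag's cipher (an assumption, not the DESFire protocol itself), and the class names, sample UID and key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

class UidFob:
    """Fob that answers every read with the same stored UID."""
    def __init__(self, uid: bytes):
        self.uid = uid
    def read(self) -> bytes:
        return self.uid

class ChallengeFob:
    """Fob with a microcontroller: the secret key never leaves the tag."""
    def __init__(self, key: bytes):
        self._key = key
    def respond(self, challenge: bytes) -> bytes:
        # HMAC-SHA256 is an assumed stand-in for the tag's real algorithm.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Reader:
    def __init__(self, enrolled_uid: bytes, shared_key: bytes):
        self.enrolled_uid = enrolled_uid
        self._key = shared_key
    def check_uid(self, uid: bytes) -> bool:
        return hmac.compare_digest(uid, self.enrolled_uid)
    def new_challenge(self) -> bytes:
        return secrets.token_bytes(16)  # fresh random number per session
    def check_response(self, challenge: bytes, response: bytes) -> bool:
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def demo() -> dict:
    key = secrets.token_bytes(16)    # constructed sample key
    uid = bytes.fromhex("04a1b2c3")  # constructed sample UID
    reader = Reader(uid, key)
    uid_fob, fob = UidFob(uid), ChallengeFob(key)
    # One complete exchange of each kind, as seen on the air.
    seen_uid = uid_fob.read()
    seen_response = fob.respond(reader.new_challenge())
    c2 = reader.new_challenge()      # the next session uses a new challenge
    stranger = ChallengeFob(secrets.token_bytes(16))
    return {
        "genuine_fob_accepted": reader.check_response(c2, fob.respond(c2)),
        "recorded_uid_accepted": reader.check_uid(seen_uid),
        "recorded_response_accepted": reader.check_response(c2, seen_response),
        "wrong_key_accepted": reader.check_response(c2, stranger.respond(c2)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The recorded UID is still accepted in a later session, while the recorded response is rejected because it was computed for an earlier challenge.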

Reading These Signals

Many different readers are commonly used to read these fobs. The two main ones are the PN-532 and the RC-522. The RC-522 only supports older classic cards, which broadcast their UIDs. These come in handy for smaller projects where user authentication isn't necessary. The PN-532, on the other hand, does support high-frequency key fobs and allows for the implementation of better security measures.

Overall, we can now understand how secure systems are built on NFC, and the main idea behind them: storing a secret key that never gets broadcast. This idea is commonly used along with other techniques, such as pin scrolling, in which the reader gives the key fob a new random number that will be used for future validation checks. The addition of an NFC-powered microcontroller on board these fobs is what makes them so secure.
